I have never set them up to overlap before :) In general more specific
settings override general settings, so "/wfs/** and GET,POST,PUT,DELETE
would be more specific then wfs.*. In your second example version=2.0.0
would be more specific etc...
But I think you may be missing the point rest.properties should be used to
lock down REST access?
Jody Garnett
On Wed, Mar 19, 2014 at 3:08 AM, Maciej Machulak
<[email protected]>wrote:
> Hi all,
>
> I have been reviewing the security model for the GeoServer and I wanted to
> confirm that OWS and REST security mechanisms are overlapping - i.e. the
> following two rules are equivalent:
>
> (1) wfs.*=ROLE_WFS (specified in security.properties file)
> (2) /wfs/**;GET,POST,PUT,DELETE=ROLE_WFS (specified in rest.properties
> file)
>
> Is that correct?
>
> Similarly, are the below two rules equivalent?
> (2) wfs.GetFeature=ROLE_WFS (specified in security.properties file)
> (3)
> /wfs?service=wfs&version=2.0.0&request=GetFeature;GET,POST,PUT,DELETE=ROLE_WFS
> (specified in rest.properties file)
>
> If rule 1=2 and rule 3=4, which security mechanism takes precedence? The
> OWS or the REST one? Also, would it then be possible to use just a single
> mechanism (e.g. REST) and make sure that the other one is turned off
> completely (e.g. OWS one).
>
> Also, as I understand, only the OWS security is exposed through the Web
> interface of the GeoServer, while the REST security has to be defined
> directly within a file. Is that correct?
>
> Thank you in advance for clarification.
>
> Kind regards,
> Maciej
>
> --
> Maciej Machulak
> email:
> [email protected]<https://mail.google.com/mail/?view=cm&fs=1&tf=1&[email protected]>
> mobile: +44 7999 606 767 (UK)
> mobile: +48 602 45 31 66 (PL)
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
